WO2010057405A1 - Identity authentication method using short messages - Google Patents
- Publication number
- WO2010057405A1 (PCT/CN2009/074489)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- short message
- signature
- mobile terminal
- sim card
- server
- Prior art date
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/56—Financial cryptography, e.g. electronic payment or e-cash
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
Definitions
- This invention relates to record carriers for use with machines, more particularly to record carriers with semiconductor circuit components, and especially to methods for identity authentication using short messages.
- Various intelligent circuit modules can be added to the SIM card (subscriber identity model) so that, in addition to the basic SIM card function, it also has functions such as encryption and decryption and digital signatures, which integrates an e-wallet into the phone and turns it into a tool with the ability to pay.
- A mobile phone can be used for the following consumption mode: the electronic wallet in the mobile phone is used for shopping and transfers, the POS (sales terminal) sends a bill to the mobile phone, and the mobile phone user confirms the bill and then sends it to the bank's short message server by short message.
- The SMS server is the bank's device responsible for receiving short messages from mobile phones. It is connected to the bank's backend server (settlement network). After receiving the bill in the user's short message, the short message server transfers the bill to the background server for settlement; the background server sends the settlement result to the short message server over the network, and the short message server sends the settlement result to the mobile phone user by short message.
- The short message sent by the mobile phone lacks an effective means of identifying the true identity of the sender, so the recipient of the short message cannot determine the sender's true identity.
- The recipient of the short message can only see the sender's phone number, and authenticating the identity of the sender by phone number is obviously unreliable.
- The short message server cannot determine the true identity of the user with 100% certainty from a received short message.
- The mobile phone user cannot reliably determine from a received short message that the sender is the bank.
- Such a transaction model is also insecure and may be maliciously attacked by others, causing losses to users and banks.
- The technical problem to be solved by the present invention is to avoid the above-mentioned deficiencies of the prior art by providing a method for identity authentication using short messages, in which the SIM card development kit STK (SIM TOOL KIT) of the mobile phone adds the sender's identity identifier to the short message being sent, so that the receiver can accurately establish the sender's true identity by verifying the identity identifier in the short message, making the above consumption mode secure.
- The solution to the above technical problem is to provide a method for identity authentication using short messages, used for identity authentication between a mobile terminal and a bank server during electronic payment or transfer, and based on a short message communication system established among the mobile terminal, a short message server and a backend server, wherein the smart SIM card of the mobile terminal is a smart card with a wireless communication function that, in addition to the ordinary SIM function, has encryption and digital signature functions. The method includes the steps:
- A. The mobile terminal operates the STK menu of the smart SIM card to edit or create a short message, which is passed to the smart SIM card. The smart SIM card adds its own identity authentication identifier signature and a security data header and sends the short message to the mobile terminal, which then sends it to the short message server;
- B. After receiving the short message, the short message server verifies the identity authentication identifier signature in the short message and hands successfully verified short messages to the background server for processing;
- C. The short message server organizes the result processed by the background server into a short message, adds its own identity authentication identifier signature, a security data header and a processing identifier, and sends it to the mobile terminal;
- D. The mobile terminal identifies the received short message and, on confirming that it is a short message processed by the background server, forwards it to the smart SIM card for processing;
- E. The smart SIM card verifies the identity authentication identifier signature. If verification succeeds, it sends the mobile terminal an STK proactive command containing the short message content; if verification fails, it sends an STK proactive command containing verification failure information;
- F. The short message content is stored in full in the smart SIM card.
- The step of adding its own identity authentication identifier signature and security data header in step A further includes the steps: A1. The smart SIM card of the mobile terminal digests the short message content and encrypts the digest with the private key stored inside the card to obtain the signature data;
- A2. A security data header is attached in front of the short message content according to GSM 03.48, the message is identified as a signed short message in a field of the security data header, and the signature data is copied into the security data header;
- A3. The smart SIM card transmits the signed short message to the mobile terminal by a proactive STK command.
- The step of adding its own identity authentication identifier signature and security data header in step C further includes the steps: C1. The short message server digests the short message content and encrypts the digest with the private key of the internal server to obtain the signature data;
- C2. The short message server attaches a security data header in front of the short message content according to GSM 03.48, identifies the message as a signed short message in a field of the security data header, and copies the signature data into the security data header;
- C3. The short message server sets the TP-PID field of the short message to the SIM card processing identifier and sets the TP-DCS field to Class 2.
- The identification of the received short message by the mobile terminal in step D further includes the step: after receiving the short message, the mobile terminal (101) checks the TP-PID and TP-DCS fields of the short message; if the TP-PID field is the SIM card processing identifier and the TP-DCS field is Class 2, the received short message is sent to the smart SIM card (102) through an ENVELOPE (SMS-PP DOWNLOAD) command.
- The verification of the identity authentication identifier by the smart SIM card in step E further includes the steps:
- E1. The smart SIM card analyzes the fields in the security data header of the short message according to the GSM 03.48 protocol and determines whether it is a signed short message; if so, it reads the signature data;
- E2. The smart SIM card verifies the signature information in the short message using the sender's public key, that is, the identity authentication identifier of the short message server.
- The senders of signed short messages (the mobile terminal and the short message server) each store their own identity authentication identifier information; the receivers of signed short messages (the mobile terminal and the short message server) store or can obtain the other party's identity authentication identifier information.
- the smart SIM card includes an integrated card and a device that relies on the SIM card body to implement the expansion of the original SIM card into an electronic wallet and has an encryption and decryption function.
- the short message identity authentication identifier is a digital signature, and the algorithm for generating and verifying the signature includes an ECC and/or RSA algorithm.
- The mobile terminal's identity authentication identifier signing and signature verification of short messages are carried out in its smart SIM card.
- The beneficial effect of the present invention is that the mobile phone sends the bank a bill message carrying the sender's signature information, so the bank can verify the identity of the sender and thereby act on the bill to perform a secure operation on the user account.
- the bank can send a text message with its signature information to the user, telling the user about the operation of his account. After receiving the SMS with the bank signature, the user's mobile phone verifies the signature, so that the user can safely know the status of his account.
- Figure 1 is a schematic diagram of the implementation of the present invention
- FIG. 2 is a flow chart of signed short message transmission by the mobile terminal, such as a mobile phone, according to the present invention
- FIG. 3 is a flow chart of the short message server receiving and sending short messages according to the present invention
- FIG. 4 is a flow chart of receiving a short message of a mobile terminal, such as a mobile phone, according to the present invention.
- the method for authenticating an identity authentication using the short message of the present invention is: based on a mobile terminal
- the smart SIM card 102 of the mobile terminal 101 has an encryption and digital signature function in addition to the ordinary SIM function, and is characterized by the steps of:
- A. The mobile terminal 101 operates the STK menu of the smart SIM card 102 to edit or create a short message, which is passed to the smart SIM card 102. The smart SIM card 102 adds its own identity authentication identifier signature and a security data header and sends the short message to the mobile terminal 101, which then sends it to the short message server 103;
- B. After receiving the short message, the short message server 103 verifies the identity authentication identifier signature in the short message and hands successfully verified short messages to the background server 104 for processing;
- C. The short message server 103 organizes the result processed by the background server 104 into a short message, adds its own identity authentication identifier signature, a security data header and a processing identifier, and sends it to the mobile terminal 101;
- D. The mobile terminal 101 identifies the received short message and, on confirming that it is a short message processed by the background server 104, forwards it to the smart SIM card 102 for processing;
- E. The smart SIM card 102 verifies the identity authentication identifier signature. If verification succeeds, it sends the mobile terminal 101 an STK proactive command containing the short message content; if verification fails, it sends the mobile terminal 101 an STK proactive command containing verification failure information;
- the short message content is completely stored in the smart SIM card 102.
- The step of adding its own identity authentication identifier signature and security data header in step A further includes the steps: A1. The smart SIM card 102 of the mobile terminal 101 digests the short message content and encrypts the digest with the private key stored inside it to obtain the signature data;
- A2. A security data header is attached in front of the short message content according to GSM 03.48, the message is identified as a signed short message in a field of the security data header, and the signature data is copied into the security data header;
- A3. The smart SIM card 102 transmits the signed short message to the mobile terminal 101 by a proactive STK command.
- The step of adding its own identity authentication identifier signature and security data header in step C further includes the steps:
- C1. The short message server 103 digests the short message content and encrypts the digest with the private key of the internal server to obtain the signature data;
- C2. The short message server 103 attaches a security data header in front of the short message content according to GSM 03.48, identifies the message as a signed short message in a field of the security data header, and copies the signature data into the security data header;
- C3. The short message server 103 sets the TP-PID field of the short message to the SIM card processing identifier and sets the TP-DCS field to Class 2.
- The identification of the received short message by the mobile terminal 101 in step D further includes the step: after receiving the short message, the mobile terminal 101 checks the TP-PID and TP-DCS fields of the short message; if the TP-PID field is the SIM card processing identifier and the TP-DCS field is Class 2, the received short message is sent to the smart SIM card 102 through an ENVELOPE (SMS-PP DOWNLOAD) command.
- The verification of the identity authentication identifier by the smart SIM card 102 in step E further includes the steps:
- E1. The smart SIM card 102 analyzes the fields in the security data header of the short message according to the GSM 03.48 protocol and determines whether it is a signed short message; if so, it reads the signature data;
- E2. The smart SIM card 102 verifies the signature information in the short message using the sender's public key, that is, the identity authentication identifier of the short message server 103.
- The senders of signed short messages (the mobile terminal 101 and the short message server 103) each store their own identity authentication identifier information; the receivers of signed short messages (the mobile terminal 101 and the short message server 103) store or can obtain the other party's identity authentication identifier information.
- the smart SIM card 102 includes an integrated card and a device that relies on the SIM card body to implement the expansion of the original SIM card into an electronic wallet and has an encryption and decryption function.
- the short message identity authentication identifier is a digital signature, and the algorithm for generating and verifying the signature includes an ECC and/or RSA algorithm.
- The mobile terminal 101's identity authentication identifier signing and signature verification of short messages are carried out in its smart SIM card 102.
- The implementation steps for the mobile phone user sending a signed short message are:
- The menu of the smart SIM card 102 is operated through the mobile terminal 101 to create the short message content;
- Step 202 of FIG. 2: after the smart SIM card 102 obtains the short message content, it digests the content and signs the digest using the private key stored in the smart SIM card 102;
- step 203 of FIG. 1 the security data header is added in front of the short message data according to the GSM03.48 protocol, and the signature flag and the signature data are added in the security data header;
- the smart SIM card 102 transmits a short message to the mobile terminal 101 via the STK active command.
- step 205 of FIG. 1 the mobile terminal 101 completes the sending of the short message to the short message server 103.
- The implementation steps for the short message server receiving and sending signed short messages are:
- The short message server 103 receives the signed short message
- The short message server 103 analyzes the security data header of the short message according to the GSM03.48 protocol. If it is a signed short message, the signature data is read.
- Step 303 of FIG. 3: after the short message server 103 reads the signature data, it verifies the signature using the sender's public key.
- Step 304 of FIG. 3: if the signature verification is successful, the content of the short message is passed to the background server 104, which performs the corresponding operation and returns the operation result to the short message server 103.
- The short message server 103 organizes the received operation result as short message content.
- The short message server 103 digests the short message content and then signs it using its private key
- The short message server 103 adds a security data header in front of the short message data according to the GSM03.48 protocol, and adds a signature flag and the signature data to the security data header;
- The short message server 103 sets the TP-PID field in the short message protocol data unit to indicate that the SIM card processes the short message;
- the short message server 103 sets the TP-DCS field in the short message protocol data unit to Class 2;
- the short message server 103 sends a short message to the mobile phone user.
- The implementation steps for the mobile phone user receiving a signed short message are:
- The mobile terminal 101 receives the signed short message
- The mobile terminal 101 finds that the TP-DCS of the short message is Class 2 and that the TP-PID indicates that the SIM card processes the short message, and sends the received short message to the smart SIM card 102 using the ENVELOPE (SMS-PP DOWNLOAD) command.
- The smart SIM card 102 analyzes the security data header of the short message according to the GSM03.48 protocol. If it is a signed short message, the signature data is read.
- Step 404 of FIG. 4: after the smart SIM card 102 reads the signature data, the signature is verified using the sender's public key.
- Step 405 of FIG. 4: if the signature verification is successful, the smart SIM card 102 transmits the content of the short message to the mobile terminal 101 through an STK proactive command.
- Step 406 of FIG. 4: if the signature verification fails, the smart SIM card 102 sends a "verification failed" message to the mobile terminal 101 via an STK proactive command.
- the mobile terminal 101 receives the active command, and displays the short message or the verification failure information on its interface.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephone Function (AREA)
- Telephonic Communication Services (AREA)
Abstract
An identity authentication method using short messages is used in the identity authentication between a mobile terminal (101) and the bank server when electronic payment or account transfer is performed, and is used in the short message communication system established among the mobile terminal (101), the short message server (103) and the background server (104). Besides the common SIM function, the intelligent SIM card (101) of the mobile terminal (101) has the encryption and digital signature function. By adding the identity authentication identification of the sender into the sent message by the SIM card of the mobile terminal and the short message server (103), the receiver is able to obtain the actual identity of the sender correctly by authenticating the identity identification in the short message. The advantageous effect of the present invention is that: by sending the short message having the signature information of the sender to the opposite party, and authenticating the signature by the receiver, the mobile terminal or the bank can know the identity of the sender correctly, so as to ensure the security of the payment consumption of the mobile terminal.
Description
Method for authenticating identity using short messages
Technical field
The present invention relates to record carriers for use with machines, in particular to record carriers with semiconductor circuit components, and especially to a method for identity authentication using short messages.
Background
With the development of technology, various intelligent circuit modules can be added by a number of methods to the SIM card (subscriber identity model) in a mobile terminal, especially an ordinary mobile phone (hereinafter "mobile phone"), so that in addition to the basic SIM card function it also has functions such as encryption and decryption and digital signatures, integrating an electronic wallet into the mobile phone and turning it into a tool with payment capability.
At present a mobile phone can be used for the following consumption mode: the electronic wallet in the mobile phone is used for shopping and transfers; the POS (sales terminal) sends a bill to the mobile phone; the mobile phone user needs to confirm the bill and then sends it to the bank's short message server by short message.
The short message server is the bank's device responsible for receiving short messages from mobile phones, and it is connected to the bank's background server (settlement network). After receiving the bill in a user's short message, the short message server passes the bill to the background server for settlement; the background server sends the settlement result over the network to the short message server, which sends the result to the mobile phone user by short message.
However, short messages sent by mobile phones currently lack an effective means of identifying the sender's true identity, so the recipient of a short message cannot determine who really sent it. The recipient can only see the sender's telephone number, and authenticating the sender's identity by telephone number is obviously unreliable.
The short message server therefore cannot determine the user's true identity with 100% certainty from a received short message. Nor can the mobile phone user reliably determine from a received short message that the sender is the bank. Such a transaction mode is therefore insecure and may be maliciously attacked by others, causing losses to users and banks.
Summary of the invention
The technical problem to be solved by the present invention is to avoid the above deficiencies of the prior art by providing a method for identity authentication using short messages, in which the SIM card development toolkit STK (SIM TOOL KIT) of the mobile phone adds the sender's identity identifier (a digital signature) to the short message being sent, so that the recipient, by verifying the identity identifier in the short message, can accurately establish the sender's true identity, making the above consumption mode secure.
The solution proposed by the present invention to the above technical problem is a method for identity authentication using short messages, used for identity authentication between a mobile terminal and a bank server when the mobile terminal performs electronic payment or transfer, and based on a short message communication system established among the mobile terminal, a short message server and a background server. The smart SIM card of the mobile terminal is a smart card with a wireless communication function that, in addition to the ordinary SIM function, also has encryption and digital signature functions. The method includes the steps:
A. The mobile terminal operates the STK menu of the smart SIM card to edit or create a short message, which is passed to the smart SIM card; the smart SIM card adds its own identity authentication identifier signature and a security data header and sends the short message to the mobile terminal, which then sends it to the short message server;
B. After receiving the short message, the short message server verifies the identity authentication identifier signature in it and hands successfully verified short messages to the background server for processing;
C. The short message server organizes the result processed by the background server into a short message, adds its own identity authentication identifier signature, a security data header and a processing identifier, and sends it to the mobile terminal;
D. The mobile terminal identifies the received short message and, on confirming that it is a short message processed by the background server, forwards it to the smart SIM card for processing;
E. The smart SIM card verifies the identity authentication identifier signature; if verification succeeds it sends the mobile terminal an STK proactive command containing the short message content, and if verification fails it sends the mobile terminal an STK proactive command containing verification failure information;
F. The short message content is stored in full in the smart SIM card.
Adding its own identity authentication identifier signature and security data header in step A further includes the steps:
A1. The smart SIM card of the mobile terminal digests the short message content and encrypts the digest with the private key stored inside the card to obtain the signature data;
A2. A security data header is attached in front of the short message content according to GSM 03.48, the message is identified as a signed short message in a field of the security data header, and the signature data is copied into the security data header;
A3. The smart SIM card transmits the signed short message to the mobile terminal by a proactive STK command.
Adding its own identity authentication identifier signature and security data header in step C further includes the steps:
C1. The short message server digests the short message content and encrypts the digest with the private key of the internal server to obtain the signature data;
C2. The short message server attaches a security data header in front of the short message content according to GSM 03.48, identifies the message as a signed short message in a field of the security data header, and copies the signature data into the security data header;
C3. The short message server sets the TP-PID field of the short message to the SIM card processing identifier and sets the TP-DCS field to Class 2.
The identification of the received short message by the mobile terminal in step D further comprises the step of:
After receiving a short message, the mobile terminal (101) examines the TP-PID and TP-DCS fields of the short message; if the TP-PID field is the SIM card processing identifier and the TP-DCS field is Class 2, it sends the received short message to the smart SIM card (102) with the ENVELOPE (SMS-PP DOWNLOAD) command.
The verification of the identity authentication identifier by the smart SIM card in step E further comprises the steps of:
E1. The smart SIM card analyzes the fields in the security data header of the short message according to the GSM 03.48 protocol and determines whether it is a signed short message; if so, it reads the signature data;
E2. The smart SIM card verifies the signature information in the short message using the sender's public key, that is, the identity authentication identifier of the short message server.
The senders of signed short messages, namely the mobile terminal and the short message server, each store their own identity authentication identifier information; the receivers of signed short messages, namely the mobile terminal and the short message server, store or are able to obtain the other party's identity authentication identifier information.
The smart SIM card includes an integrated card as well as a device that relies on the SIM card body to extend the original SIM card into an electronic wallet with encryption and decryption functions.
The identity authentication identifier signature on the short message is a digital signature, and the algorithms for generating and verifying the signature include the ECC and/or RSA algorithms.
The mobile terminal's identity authentication identifier signing of short messages, and its signature verification, are performed inside its smart SIM card.
Compared with the prior art, the beneficial effects of the present invention are as follows: the mobile phone sends the bank a bill short message carrying the sender's signature information, and by verifying the signature information in the short message the bank can accurately determine the sender's identity and therefore operate securely on the user's account according to the bill in the short message. Likewise, the bank can send the user a short message carrying its own signature information to report the operations performed on the user's account. After receiving a short message carrying the bank's signature, the user's mobile phone verifies the signature, so the user can learn the status of the account securely.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is a schematic diagram of the implementation of the present invention;
FIG. 2 is a flow chart of the mobile terminal of the present invention, for example a mobile phone, sending a signed short message;
FIG. 3 is a flow chart of the short message server of the present invention receiving and sending signed short messages;
FIG. 4 is a flow chart of the mobile terminal of the present invention, for example a mobile phone, receiving a signed short message.
DETAILED DESCRIPTION
The invention is further explained below with reference to the preferred embodiments shown in the drawings.
Referring to FIG. 1, the method of the present invention for identity authentication using short messages is implemented as follows: it is based on a short message communication system established among the mobile terminal 101, the short message server 103 and the back-end server 104; the smart SIM card 102 of the mobile terminal 101 has, in addition to ordinary SIM functions, encryption and digital signature functions; and the method is characterized by comprising the steps of:
A. The mobile terminal 101 operates the STK menu of the smart SIM card 102 to edit or create a short message, which is sent to the smart SIM card 102; the smart SIM card 102 adds its own identity authentication identifier signature and a security data header and sends the short message to the mobile terminal 101, which then sends it to the short message server 103;
B. After receiving the short message, the short message server 103 verifies the identity authentication identifier signature in the short message and hands short messages that verify successfully to the back-end server 104 for processing;
C. The short message server 103 organizes the result of the processing by the back-end server 104 into a short message, adds its own identity authentication identifier signature, a security data header and a processing identifier, and sends it to the mobile terminal 101;
D. The mobile terminal 101 identifies the received short message and, on confirming that it is a short message processed by the back-end server 104, forwards it to the smart SIM card 102 for processing;
E. The smart SIM card 102 verifies the identity authentication identifier signature; if verification succeeds, it sends a proactive STK command containing the short message content to the mobile terminal 101; if verification fails, it sends a proactive STK command containing verification-failure information to the mobile terminal 101;
F. The short message content is stored in its entirety in the smart SIM card 102.
Adding its own identity authentication identifier signature and security data header, as described in step A, further comprises the steps of:
A1. The smart SIM card 102 of the mobile terminal 101 computes a digest of the short message content and then encrypts the digest with the private key stored inside the card to obtain the signature data;
A2. A security data header is attached in front of the short message content according to GSM 03.48, a field of the security data header marks the message as a signed short message, and the signature data is copied into the security data header;
A3. The smart SIM card 102 transmits the signed short message to the mobile terminal 101 by a proactive STK command.
Adding its own identity authentication identifier signature and security data header, as described in step C, further comprises the steps of:
C1. The short message server 103 computes a digest of the short message content and encrypts the digest with the private key of the internal server to obtain the signature data;
C2. The short message server 103 attaches a security data header in front of the short message content according to GSM 03.48, marks the message as a signed short message in a field of the security data header, and copies the signature data into the security data header;
C3. The short message server 103 sets the TP-PID field of the short message to the SIM card processing identifier and sets the TP-DCS field to Class 2.
The identification of the received short message by the mobile terminal 101 in step D further comprises the step of:
After receiving a short message, the mobile terminal 101 examines the TP-PID and TP-DCS fields of the short message; if the TP-PID field is the SIM card processing identifier and the TP-DCS field is Class 2, it sends the received short message to the smart SIM card 102 with the ENVELOPE (SMS-PP DOWNLOAD) command.
The verification of the identity authentication identifier by the smart SIM card 102 in step E further comprises the steps of:
E1. The smart SIM card 102 analyzes the fields in the security data header of the short message according to the GSM 03.48 protocol and determines whether it is a signed short message; if so, it reads the signature data;
E2. The smart SIM card 102 verifies the signature information in the short message using the sender's public key, that is, the identity authentication identifier of the short message server 103.
The senders of signed short messages, namely the mobile terminal 101 and the short message server 103, each store their own identity authentication identifier information; the receivers of signed short messages, namely the mobile terminal 101 and the short message server 103, store or are able to obtain the other party's identity authentication identifier information.
The smart SIM card 102 includes an integrated card as well as a device that relies on the SIM card body to extend the original SIM card into an electronic wallet with encryption and decryption functions.
The identity authentication identifier signature on the short message is a digital signature, and the algorithms for generating and verifying the signature include the ECC and/or RSA algorithms.
The mobile terminal 101's identity authentication identifier signing of short messages, and its signature verification, are performed inside its smart SIM card 102.
Referring to FIG. 2, a mobile phone user sends a signed short message in the following steps:
A. As shown in step 201 of FIG. 1, the short message content is created through the short message menu item of the smart SIM card 102 menu, operated from the mobile terminal 101;
B. As shown in step 202 of FIG. 2, after obtaining the short message content, the smart SIM card 102 computes a digest of the content and signs the digest with the private key stored inside the smart SIM card 102;
C. As shown in step 203 of FIG. 1, a security data header is added in front of the short message data according to the GSM 03.48 protocol, and the signature flag and the signature data are added to the security data header;
D. As shown in step 204 of FIG. 2, the smart SIM card 102 sends the short message to the mobile terminal 101 by a proactive STK command;
E. As shown in step 205 of FIG. 1, the mobile terminal 101 sends the short message to the short message server 103.
Referring to FIG. 3, the short message server receives and sends signed short messages in the following steps:
A. As shown in step 301 of FIG. 3, the short message server 103 receives a signed short message;
B. As shown in step 302 of FIG. 3, after receiving the short message, the short message server 103 analyzes the security data header of the short message according to the GSM 03.48 protocol. If it is a signed short message, the signature data is read.
C. As shown in step 303 of FIG. 3, after reading the signature data, the short message server 103 immediately verifies the signature using the sender's public key.
D. As shown in step 304 of FIG. 3, if the signature verification succeeds, the content of the short message is passed to the back-end server 104, which performs the corresponding operation and returns the operation result to the short message server 103.
E. As shown in step 305 of FIG. 3, the short message server 103 organizes the received operation result into the content of the short message to be sent.
F. As shown in step 306 of FIG. 3, the short message server 103 computes a digest of the short message content and signs it with its private key;
G. As shown in step 307 of FIG. 3, the short message server 103 adds a security data header in front of the short message data according to the GSM 03.48 protocol and adds the signature flag and the signature data to the security data header;
H. As shown in step 308 of FIG. 3, the short message server 103 sets the TP-PID field in the short message protocol data unit to indicate a short message to be processed by the SIM card;
I. As shown in step 309 of FIG. 3, the short message server 103 sets the TP-DCS field in the short message protocol data unit to Class 2;
J. As shown in step 310 of FIG. 3, the short message server 103 sends the short message to the mobile phone user.
Referring to FIG. 4, a mobile phone user receives a signed short message in the following steps:
A. As shown in step 401 of FIG. 4, the mobile terminal 101 receives a signed short message;
B. As shown in step 402 of FIG. 4, if the mobile terminal 101 finds that the TP-DCS of the short message is Class 2 and the TP-PID indicates a short message to be processed by the SIM card, it sends the received short message to the smart SIM card 102 with the ENVELOPE (SMS-PP DOWNLOAD) command.
C. As shown in step 403 of FIG. 4, after receiving the short message, the smart SIM card 102 analyzes the security data header of the short message according to the GSM 03.48 protocol. If it is a signed short message, the signature data is read.
D. As shown in step 404 of FIG. 4, after reading the signature data, the smart SIM card 102 immediately verifies the signature using the sender's public key.
E. As shown in step 405 of FIG. 4, if the signature verification succeeds, the smart SIM card 102 sends the content of the short message to the mobile terminal 101 by a proactive STK command.
F. As shown in step 406 of FIG. 4, if the signature verification fails, the smart SIM card 102 sends a "verification failed" message to the mobile terminal 101 by a proactive STK command.
G. As shown in step 407 of FIG. 4, the mobile terminal 101 receives the proactive command and displays the short message or the verification-failure information on its interface.
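The signing flow (FIG. 2, and steps F to I of FIG. 3) and the receive flow of FIG. 4, as an added Python example that is not part of the patent. Assumptions: the one-byte flag plus raw signature stands in for the GSM 03.48 security data header and is not its real byte layout; the RSA key is a constructed, unpadded demo key; the TP-PID value 0x7F and the Class 2 decoding come from GSM 03.40/03.38, not from this page.

```python
import hashlib

# Constructed demo key: both primes are well-known Mersenne primes, so this
# key is trivially factorable and only serves to make the flow runnable.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent, kept by the signer
SIG_LEN = (N.bit_length() + 7) // 8     # 81 bytes for this modulus

SIGNED_FLAG = 0x01               # hypothetical "signed short message" marker
TP_PID_SIM_DATA_DOWNLOAD = 0x7F  # GSM 03.40 value, not given on the page
MAX_USER_DATA = 140              # octets of user data in one short message


def _digest(content: bytes) -> int:
    return int.from_bytes(hashlib.sha256(content).digest(), "big")


def sign_message(content: bytes, d: int = D, n: int = N) -> bytes:
    """Steps A1-A2 / C1-C2: digest, private-key operation, prepend header."""
    signature = pow(_digest(content), d, n).to_bytes(SIG_LEN, "big")
    packet = bytes([SIGNED_FLAG]) + signature + content
    if len(packet) > MAX_USER_DATA:
        raise ValueError("signed packet does not fit in one short message")
    return packet


def is_class2(tp_dcs: int) -> bool:
    """Decode the message class from TP-DCS (GSM 03.38 coding groups)."""
    if (tp_dcs & 0x80) == 0:                 # general data coding groups
        return bool(tp_dcs & 0x10) and (tp_dcs & 0x03) == 2
    if (tp_dcs & 0xF0) == 0xF0:              # data coding / message class
        return (tp_dcs & 0x03) == 2
    return False


def sim_verify(packet: bytes, e: int = E, n: int = N):
    """Steps E1-E2 on the card: parse the header, then verify the signature.
    Returns (ok, content); content is released only when ok is True."""
    if len(packet) <= 1 + SIG_LEN or packet[0] != SIGNED_FLAG:
        return False, None
    signature = int.from_bytes(packet[1:1 + SIG_LEN], "big")
    content = packet[1 + SIG_LEN:]
    if signature >= n or pow(signature, e, n) != _digest(content):
        return False, None
    return True, content


def handle_incoming(tp_pid: int, tp_dcs: int, user_data: bytes):
    """Steps D-E: the terminal routes on TP-PID/TP-DCS, the card decides."""
    if tp_pid != TP_PID_SIM_DATA_DOWNLOAD or not is_class2(tp_dcs):
        return "handled-by-terminal", user_data   # never reaches the card
    ok, content = sim_verify(user_data)
    return ("display", content) if ok else ("verification-failed", None)


if __name__ == "__main__":
    pkt = sign_message(b"TRANSFER OK, BALANCE 1200.00")   # constructed text
    print(handle_incoming(0x7F, 0x16, pkt))               # verified content
    forged = pkt[:-1] + bytes([pkt[-1] ^ 0x01])           # one bit changed
    print(handle_incoming(0x7F, 0x16, forged))            # rejected by card
    print(handle_incoming(0x00, 0x00, pkt)[0])            # ordinary SMS path
```

With this demo modulus the signature alone takes 81 of the 140 octets available in one short message, which bounds the content length. A message without the SIM-processing TP-PID and Class 2 never reaches the card's check, so only text delivered through the card's proactive command should be presented to the user as verified.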
The implementation process described above is the preferred implementation of the present invention; ordinary changes and substitutions made by those skilled in the art on the basis of the present invention fall within the scope of protection of the present invention.
Claims
1. A method for identity authentication using short messages, used for identity authentication between a mobile terminal (101) and a bank server when the mobile terminal performs electronic payment or transfer, and based on a short message communication system established among the mobile terminal (101), a short message server (103) and a back-end server (104), the smart SIM card (102) of the mobile terminal (101) having, in addition to ordinary SIM functions, encryption and digital signature functions, characterized by comprising the steps of:
A. The mobile terminal (101) operates the STK menu of the smart SIM card (102) to edit or create a short message, which is sent to the smart SIM card (102); the smart SIM card (102) adds its own identity authentication identifier signature and a security data header and sends the short message to the mobile terminal (101), which then sends it to the short message server (103);
B. After receiving the short message, the short message server (103) verifies the identity authentication identifier signature in the short message and hands short messages that verify successfully to the back-end server (104) for processing;
C. The short message server (103) organizes the result of the processing by the back-end server (104) into a short message, adds its own identity authentication identifier signature, a security data header and a processing identifier, and sends it to the mobile terminal (101);
D. The mobile terminal (101) identifies the received short message and, on confirming that it is a short message processed by the back-end server (104), forwards it to the smart SIM card (102) for processing;
E. The smart SIM card (102) verifies the identity authentication identifier signature; if verification succeeds, it sends a proactive STK command containing the short message content to the mobile terminal (101); if verification fails, it sends a proactive STK command containing verification-failure information to the mobile terminal (101);
F. The short message content is stored in its entirety in the smart SIM card (102).
2. The method for identity authentication using short messages according to claim 1, characterized in that adding its own identity authentication identifier signature and security data header in step A further comprises the steps of:
A1. The smart SIM card (102) of the mobile terminal (101) computes a digest of the short message content and then encrypts the digest with the private key stored inside the card to obtain the signature data;
A2. A security data header is attached in front of the short message content according to GSM 03.48, a field of the security data header marks the message as a signed short message, and the signature data is copied into the security data header;
A3. The smart SIM card (102) transmits the signed short message to the mobile terminal (101) by a proactive STK command.
3. The method for identity authentication using short messages according to claim 1, characterized in that adding its own identity authentication identifier signature and security data header in step C further comprises the steps of:
C1. The short message server (103) computes a digest of the short message content and encrypts the digest with the private key of the internal server to obtain the signature data;
C2. The short message server (103) attaches a security data header in front of the short message content according to GSM 03.48, marks the message as a signed short message in a field of the security data header, and copies the signature data into the security data header;
C3. The short message server (103) sets the TP-PID field of the short message to the SIM card processing identifier and sets the TP-DCS field to Class 2.
4. The method for identity authentication using short messages according to claim 1, characterized in that the identification of the received short message by the mobile terminal (101) in step D further comprises the step of:
After receiving a short message, the mobile terminal (101) examines the TP-PID and TP-DCS fields of the short message; if the TP-PID field is the SIM card processing identifier and the TP-DCS field is Class 2, it sends the received short message to the smart SIM card with the ENVELOPE (SMS-PP DOWNLOAD) command.
5. The method for identity authentication using short messages according to claim 1, characterized in that the verification of the identity authentication identifier by the smart SIM card (102) in step E further comprises the steps of:
E1. The smart SIM card (102) analyzes the fields in the security data header of the short message according to the GSM 03.48 protocol and determines whether it is a signed short message; if so, it reads the signature data;
E2. The smart SIM card (102) verifies the signature information in the short message using the sender's public key, that is, the identity authentication identifier of the short message server (103).
6. The method for identity authentication using short messages according to claim 1, characterized in that:
The senders of signed short messages, the mobile terminal (101) and the short message server (103), each store their own identity authentication identifier information; the receivers of signed short messages, the mobile terminal (101) and the short message server (103), store or are able to obtain the other party's identity authentication identifier information.
7. The method for identity authentication using short messages according to claim 1, characterized in that:
The smart SIM card (102) includes an integrated card as well as a device that relies on the SIM card body to extend the original SIM card into an electronic wallet with encryption and decryption functions.
8. The method for identity authentication using short messages according to any one of claims 1 to 3, characterized in that:
The identity authentication identifier signature on the short message is a digital signature, and the algorithms for generating and verifying the signature include the ECC and/or RSA algorithms.
9. The method for identity authentication using short messages according to claim 1, characterized in that:
The mobile terminal (101)'s identity authentication identifier signing of short messages, and its signature verification, are performed inside its smart SIM card (102).
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200810217673.7 | 2008-11-24 | ||
CN200810217673A CN101742504A (en) | 2008-11-24 | 2008-11-24 | Method for carrying out identity authentication by utilizing short messages |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2010057405A1 true WO2010057405A1 (en) | 2010-05-27 |
Family
ID=42197833
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2009/074489 WO2010057405A1 (en) | 2008-11-24 | 2009-11-03 | Identity authentication method using short messages |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN101742504A (en) |
WO (1) | WO2010057405A1 (en) |
Also Published As
Publication number | Publication date |
---|---|
CN101742504A (en) | 2010-06-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2010057405A1 (en) | | Identity authentication method using short messages |
KR102364874B1 (en) | | Method and apparatus for facilitating electronic payments using a wearable device |
CN101098225B (en) | | Safety data transmission method and paying method, paying terminal and paying server |
EP1502383B1 (en) | | Method for authenticating and verifying sms communications |
CN107784499B (en) | | Secure payment system and method of near field communication mobile terminal |
CN110073387A (en) | | Confirm being associated between communication equipment and user |
JP2007042103A (en) | | Method and apparatus for physical POS transactions |
CN110232568A (en) | | Method of mobile payment, device, computer equipment and readable storage medium storing program for executing |
CN101771973B (en) | | Data short message processing method, data short message processing equipment and data short message processing system |
CN103036681B (en) | | A kind of password safety keyboard device and system |
CN101496044A (en) | | Method and system for confirming transaction by mobile unit |
CN113613227B (en) | | Data transmission method and device of Bluetooth equipment, storage medium and electronic device |
CN105827656A (en) | | Identity authentication method based on NFC payment and device |
WO2015007198A1 (en) | | Internet-based secure payment system and secure payment method |
WO2014194822A1 (en) | | Secure information interaction method for electronic resources transfer |
WO2017044677A1 (en) | | Method and apparatus for facilitating electronic payments using a wearable device |
CN101882343A (en) | | A method, system and device for cardless operation of an automatic teller machine |
CN103778528A (en) | | Payment processing method, payment processing system and payment processing device |
KR101300764B1 (en) | | Method for Issuing Settlement/Authentication Token using Data Network and Voice Network |
Urien | | EMV-TLS, a secure payment protocol for NFC enabled mobiles |
CN103107881B (en) | | Access method, device and system of smart card |
CN108259176B (en) | | Digital signature method, system and terminal based on mobile phone card |
WO2017206510A1 (en) | | Nfc payment method and device |
CN112383912B (en) | | Account opening method, server, system and storage medium |
CN102611813B (en) | | Telephone network the silver device, phone internet banking system and phone Net silver method of commerce |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 09827154 Country of ref document: EP Kind code of ref document: A1 |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | 32PN | Ep: public notification in the ep bulletin as address of the addressee cannot be established | Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 29/09/2011) |
| | 122 | Ep: pct application non-entry in european phase | Ref document number: 09827154 Country of ref document: EP Kind code of ref document: A1 |